Beta - Lsass.exe is back

The mongrel is back, Lsass.exe just reappeared, it hasn't been around for about a month.

Click cancel and you have 60 seconds to abort shutdown by going to:

Start
Run
type in "Shutdown -a" without the quotation marks...

Cheers

 

Have you tried uninstalling 835732 and reinstalling?

http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

 

I haven't tried that, everything was running nicely with the version prior to last night.

I now get other error messages, such as the following:

Cheers

 

No, but I shall, don't think this will be it though. I am getting similar error messages with IEXPLORE.exe, only since last night after installing the new Beta.

Cheers

 

Exactly

Cheers

 

What other programs do you have running? There was something similar to those memory errors you keep getting on some other program that was suppose to prevent buffer overflows.

 

Scandisk (Checkdisk) came up all ok.

Event log shows the following:

Event Type: Error
Event Source: Winlogon
Event Category: None
Event ID: 1015
Date: 23/07/2004
Time: 1:06:16 PM
User: N/A
Computer: XXXXX
Description: A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code c0000005. The machine must now be restarted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

And that's all there is...

Cheers

 

Belarc Information


Computer Profile Summary
Computer Name: XXXXX (in WORKGROUP)
Profile Date: Saturday, 24 July 2004 1:52:17 AM
Advisor Version: 6.1f
Windows Logon: PC User

Click here for Belarc's PC Management products, for large and small companies.

Operating System System Model
Windows XP Professional Service Pack 1 (build 2600) No details available
Processor a Main Circuit Board b
2.80 gigahertz Intel Pentium 4
8 kilobyte primary memory cache
512 kilobyte secondary memory cache Board: Gigabyte Technology Co., Ltd. 8IG1000-G x.x
Bus Clock: 200 megahertz
BIOS: Award Software International, Inc. F3 03/04/2004
Drives Memory Modules c,d
200.05 Gigabytes Usable Hard Drive Capacity
119.94 Gigabytes Hard Drive Free Space

ASUS CRW-5224A [CD-ROM drive]
HL-DT-ST CD-ROM GCR-8521B
3.5" format removeable media [Floppy drive]

ST3200822A [Hard drive] (200.05 GB) -- drive 0, s/n 3LJ0R916, rev 3.01, SMART Status: Healthy 496 Megabytes Installed Memory

Slot 'A0' has 256 MB
Slot 'A1' is Empty
Slot 'A2' has 256 MB
Slot 'A3' is Empty
Local Drive Volumes


c: (on drive 0) 200.05 GB 119.94 GB free
Network Drives
None detected
Users Printers
local user accounts last logon
PC User 24/07/2004 1:37:46 AM (admin)
local system accounts
Administrator never (admin)
Guest never
HelpAssistant never
SUPPORT_388945a0 never

DISABLED Marks a disabled account; LOCKED OUT Marks a locked account

Hewlett-Packard HP-GL/2 Plotter on \\FULLBACK\d1plt1
Microsoft Office Document Image Writer Driver on Microsoft Document Imaging Writer Port:
Controllers Display
Standard floppy disk controller
Intel(R) 82801EB Ultra ATA Storage Controllers
Primary IDE Channel [Controller]
Secondary IDE Channel [Controller] Intel(R) 82865G Graphics Controller [Display adapter]
Hitachi CML174SX [Monitor] (17.1"vis, s/n H3B004394, February 2003)
Bus Adapters Multimedia
Intel(R) 82801EB USB Universal Host Controller - 24D2
Intel(R) 82801EB USB Universal Host Controller - 24D4
Intel(R) 82801EB USB Universal Host Controller - 24D7
Intel(R) 82801EB USB Universal Host Controller - 24DE
Intel(R) 82801EB USB2 Enhanced Host Controller - 24DD MPU-401 Compatible MIDI Device
Realtek AC'97 Audio
Standard Game Port
Communications Other Devices
Realtek RTL8139/810x Family Fast Ethernet NIC #2
Network Card MAC Address: 00:00:1C8:62:22
Network IP Address: 144.133.221.206 / 22 HID-compliant consumer control device
HID-compliant consumer control device
HID-compliant device
USB Human Interface Device
USB Human Interface Device
Built-in Infrared Device
HID Keyboard Device
HID-compliant mouse
USB Composite Device
USB Root Hub
USB Root Hub
USB Root Hub
USB Root Hub
USB Root Hub
Virus Protection
No details available
Installed Microsoft Hotfixes [Back to Top]
DataAccess
no verification data Q832483 on 24/03/2004 (details...)
no verification data KB870669 (details...)
DirectX
DX9
SP1:
passed verification KB839643-DIRECTX9 on 8/06/2004 (details...)
Internet Explorer
no verification data SP1 (SP1)
no verification data Q330994 (details...)
no verification data Q823353 (details...)
no verification data Q831167 (details...)
no verification data Q832894 (details...)
no verification data Q837009 (details...)
Windows Media Player
passed verification Q828026 (details...)
passed verification KB837272 (details...)
SP0
passed verification Q828026 on 24/03/2004 (details...)
Windows XP
SP0
passed verification KB837272 on 2/05/2004 (details...)
SP2
passed verification Q322011 on 24/03/2004 (details...)
no verification data Q327979 on 24/03/2004 (details...)
passed verification KB810243 on 24/03/2004 (details...)

Windows XP
SP2 (continued)
passed verification Q814995 on 24/03/2004 (details...)
passed verification KB817778 on 24/03/2004 (details...)
passed verification KB820291 on 24/03/2004 (details...)
passed verification KB821253 on 24/03/2004 (details...)
passed verification KB822603 on 24/03/2004 (details...)
passed verification KB823182 on 24/03/2004 (details...)
passed verification KB824105 on 24/03/2004 (details...)
passed verification KB824141 on 24/03/2004 (details...)
passed verification KB824146 on 24/03/2004 (details...)
passed verification KB825119 on 24/03/2004 (details...)
passed verification KB826939 on 24/03/2004 (details...)
passed verification KB826942 on 24/03/2004 (details...)
passed verification KB828028 on 24/03/2004 (details...)
passed verification KB828035 on 24/03/2004 (details...)
passed verification KB828741 on 2/05/2004 (details...)
passed verification KB833407 on 6/05/2004 (details...)
passed verification KB833998 on 2/05/2004 (details...)
passed verification KB835732 on 2/05/2004 (details...)
passed verification KB837001 on 2/05/2004 (details...)
passed verification KB839645 on 14/07/2004 (details...)
passed verification KB840315 on 14/07/2004 (details...)
passed verification KB840374 on 11/05/2004 (details...)
passed verification KB841873 on 14/07/2004 (details...)
passed verification KB842773 on 14/07/2004 (details...)

Click here to see all available Microsoft security hotfixes for this computer.

verifies OK Marks a HotFix that verifies correctly
fails verification Marks a HotFix that fails verification
(note that failing hotfixes need to be reinstalled)
Unmarked HotFixes lack the data to allow verification
Software Licenses [Back to Top]

Belarc - Advisor d8e2896b
Microsoft - Internet Explorer 55274-645-1896202-23835 (Key: XXXXX-XXXXX-XXXXX-XXXXX-XXXXX)
Microsoft - MediaPlayer 69808-351-1370217-04420
Microsoft - Office Professional Edition 2003 73931-640-0000106-57834 (Key: XXXXX-XXXXX-XXXXX-XXXXX-XXXXX)
Microsoft - WebFldrs XP 12345-111-1111111-09388
Microsoft - Windows XP Professional 55274-645-1896202-23835 (Key: XXXXX-XXXXX-XXXXX-XXXXX-XXXXX)
Software Versions [Back to Top]
Adobe Reader Version 6.0.0.2003051900 *
Advanced Process Manipulation *
Ahead Software AG - Cover Designer Version 2, 3, 0, 6 *
Ahead Software AG - InfoTool Application Version 2, 2, 1, 0 *
Ahead Software AG - Nero BackItUp Version 1, 2, 0, 15 *
Ahead Software AG - Nero Burning ROM Version 6, 3, 1, 15 *
Ahead Software AG - Nero CD - DVD Speed Version 3, 0, 1, 0 *
Ahead Software AG - Nero DriveSpeed Version 2, 0, 2, 0 *
Ahead Software AG - Nero ImageDrive Version 2, 27, 0, 4 *
Ahead Software AG - Nero SoundTrax Version 1, 0, 0, 28 *
Ahead Software AG - Nero StartSmart Version 1, 0, 1, 18 *
Ahead Software AG - Nero Wave Editor DLL Version 2, 0, 0, 32 *
Apple Computer, Inc. - QuickTime QuickTime 6.1c *
Belarc, Inc. - BelManage Client Version 6.1f *
BigPond Broadband Cable Login *
BST - BSPlayer v1.0 Version 1.0.0.0 *
Cinematronics - 3D Pinball Version 5.1.2600.0 *
CoffeeCup Free Viewer Plus Version 2.6.0.0 *
CoffeeCup Software - Quick Viewer Version 2.5.0.0 *
Cottonwood Software - File-Ex Version 3.0.0.24 *
Created by javacool. - FileChecker v1.7 Version 1.07.0001 *
Eraser Version 5.7 *
ewido security suite Version 0, 1, 0, 101 *
FaberBox - Faber Toys Version 2.05.0240 *
filecheckertutorial Version 1.00 *
Free Spider *
Groom-A-Zebu (tm) - Proxomitron Naoko-4.5 2003-6-1 *
home - Ostat Version 0.32.0265 *
Inno Setup Version 51.13.0.0 *
InstallDriver Module Version 7.07 *
Intel(R) Common User Interface Version 7.0.0.3762 *
IrfanView Version 3.80 *
Java Web Start *
javaw.exe *
Jordan Russell - Inno Setup Uninstaller Version 51.7.0.0 *
Karen's Power Tools Version 2.02.0003 *
Lavasoft Ad-aware Plus Version 6.0.0.0 *
M&R Technologies, Inc. - PCStitch version 6 Version 6.02 *
M&R Technologies, Inc. - The DMC Floss Editor Version 6.02 *
Macromedia, Inc. - Flash 4.0 Version 4,0,7,0 *
Microsoft (R) .NET Framework Version 1.1.4322.573 *
Microsoft (r) Windows Script Host Version 5.6.0.8515 *
Microsoft Application Error Reporting Version 11.0.5515 *
Microsoft Clip Organizer Version 11.0.5510 *
Microsoft Corporation - Internet Explorer Version 6.00.2800.1106 *
Microsoft Corporation - Messenger Version 4.7 *
Microsoft Corporation - Office Source Engine Version 11.0.5525 *
Microsoft Corporation - SelfCert Version 11.0.5510 *
Microsoft Corporation - Windows Installer - Unicode Version 2.0.2600.1106 *
Microsoft Corporation - Windows Journal Viewer Version 1.5.2315.3 *
Microsoft Corporation - Windows Movie Maker Version 2.0.3312.0 *
Microsoft Corporation - Windows® NetMeeting® Version 3.01 *
Microsoft Corporation - Zone.com Version 1.2.626.1 *
Microsoft Office 2003 Version 11.0.6113 * Microsoft Office Document Imaging Version 11.0.1897.0 *
Microsoft Office InfoPath Version 11.0.5531 *
Microsoft Office Outlook Version 11.0.5510 *
Microsoft Office Picture Manager Version 11.0.5510 *
Microsoft Office Save My Settings/Profile Wizard Version 11.0.5510 *
Microsoft Open Database Connectivity Version 3.520.9030.0 *
Microsoft Windows Media Player Version 6.4.09.1125 *
Microsoft(R) MSN (R) Communications System Version 7.02.0005.2202 *
Microsoft(R) Windows Media Player Version 9.00.00.2980 *
Microsoft® Schedule+ for Windows 95(TM) Version 7.5 *
Microsoft® Visual Studio .NET Version 7.00.9466 *
Microsoft® Windows(TM) Shell PowerToys Version 96.02.06 *
MindVision - Installer VISE 2.8.3 Version 2.8.3 *
MindVision Software - Installer VISE Version 3.1.1 *
Mozilla - Firefox Version 1.7: 2004070723 *
NetBeans IDE 3.5.1 *
NOD32 *
NOD32 Control Center *
NOD32 Kernel Service *
none - burnatonce Version 0.99.0005 *
OpenOffice.org 1.1.1 *
OpenOffice.org 1.1.1 Version 6.00.8753 *
Overnet Application Version 0.53.0.0 *
PepiMK Software - Spybot - Search & Destroy Version 1, 3, 0, 12 *
PGP Version 8.0.2 *
PGPsdk Version 3.0.2 *
Prismatic Software - DupDetector Application Version 3.101 *
RealNetworks, Inc. - RealPlayer (32-bit) Version 0.1.0.3018 *
RealNetworks, Inc. - RealPlayer (32-bit) Version 6.0.12.857 *
RealNetworks, Inc. - RealPlayer (32-bit) Version 7.0.0.2400 *
Realtek Sound Manager Version 5.1.0.24 *
RegCleaner The same as the FileVersion *
Safer Networking Limited - SpyBot-S&D Version 1, 3, 0, 12 *
Script Defender *
Script Defender Updates *
Sierra Entertainment, Inc. - Hoyle Casino Version 1, 0, 0, 0 *
SmartLine, Inc. - Active Ports Version 1, 4, 0, 0 *
SpywareBlaster AutoUpdate Version 3.02 *
SpywareBlaster Version 3.02 *
SpywareGuard LiveUpdate Version 2.02.0001 *
SpywareGuard Version 2.02.0001 *
Strip'n Score *
SunJavaUpdateSched *
SWE von Schleusen - UltimateZip Quick Start Version 1.1 *
SWE von Schleusen - UltimateZip Self-Extractor Version 2.7 *
SWE von Schleusen - UltimateZip Version 2.7 *
Telstra - BigPond Broadband Cable Login Version 1.00 *
WinImage Self Extractor file Version 6.10.6100 *
WinZip Version 8.0 (3105) *
Wizards to adjust .NET Framework security, assign trust to assemblies, and fix broken .NET applications. Version 1.0.5000.0 *
Zone Labs Client Version 5.0.590.043 *
Zone Labs Inc. - Internet Access Monitor Version 5.0.590.043 *
Zone Labs Inc. - TrueVector Service Version 5.0.590.043 *
Zone Labs Uninstaller Version 5.0.590.43 *
* Click to see where software is installed.
a. Megahertz measurement may be inaccurate if other programs were busy during last analysis.
b. Data may be transferred on the bus at one, two, or four times the Bus Clock rate.
c. Memory slot contents may not add up to Installed Memory if some memory is not recognized by Windows.
d. Memory slot contents is reported by the motherboard BIOS. Contact system vendor if slot contents are wrong.
e. This may be the manufacturer's factory installed product key rather than yours.
Copyright 2000-4, Belarc, Inc. All rights reserved.
Legal notice. U.S. Patents 6085229, 5665951 and Patents pending.


Cheers

 

Lsass.exe problem is very annoying indeed. To get rid of it, install the fix mentioned by
rumpstah ...it should fix the problem. I've noticed that even after installing it, the error
returns back after a few days of clean operation. In such a case, reinstall the same fix.

Regards,
AgentX

 

I will wait for another Beta to come out first. No one should have to do this, the problem appeared, then they brought out a pre-release Beta, that sorted it out, several pre-release Beta's later and everything was still ok. Then when the actual Beta is released to the public the problem returns... This appears to come down to the Eset and their programmers...

Cheers

 

The trouble is, it is VERY intermitant, it has only appeared twice in the last 48hrs, As well I have had 2 other error messages as posted elsewhere; IEXPLORE.exe and AcroRd32.exe as posted in another thread...

ALL error messages are in the same format, and have ONLY appeared since installing the NEW Beta, they had dissapeared with pre-release Beta.

Cheers

 

Hello,

I've the same error messages as Blackspear but haven't the beta of NOD installed. It appears as a non responding pc when for example starting a new application.
I noticed at one occasion two icons of LookNStop in the system tray.
What's the solution for this problem and what the cause of it? I truly hope not a complete re-install of WinXP.

Kind regards,

PeterVO

 

Blackspear: What is your distribution version for lsasrv.dll?

Mine is 5.1.2600.1361

 

Same here: 5.1.2600.1361

Cheers

 

This problem with Lsass.exe goes back prior to the Beta, see the following thread:

https://www.wilderssecurity.com/showthread.php?t=35206

It appears to be a work in process...

Cheers

 

Blackspear,

It stranges.In my last email I told you that I had the lsass.exe problem when I closed or opened my internet connection and with this beta version this problem is over.

Best Regards,

DonKid.

 

It is a very strange problem indeed, tell me about it

I have run Nod32 for 2 years now without ever coming across the Lsass.exe error message. My first encounter was through a customer trying to VPN. I then had the problem appear a few days later on my home PC. I was given a pre-release Beta to try, it didn't solve the problem. The next pre-release did resolve it, and every pre-release thereafter has been fine.

Then along comes the actual Beta and the problem returns with a few friends, as in; IXPLORE.exe and AcroRd32.exe, I can no longer open a ".pdf" file. So now I am waiting for a further release of the Beta.

I can not replicate the error through anything, it just reappears every now and then. I have not changed any of my settings or programs, I have not installed any new programs.

I can replicate the AcroRd32.exe error message by trying to open a ".pdf" file.

The error has not occurred for 24 hours, but this can be the case, it is very intermittent

Cheers

 

I'm getting a series or application and service errors as well. lsass, iexplore, svchost and a couple others...

 

Well I checked my PC and I have 2 lsass.exe. 1 in system32 and the other in c:\windows\servicepackfiles\i386.
I never saw a thing like that.I tried to open pdf files and it's ok too. So far so good.Have you tried to format your PC ?

Best Regards,

DonKid.

 

This won't be necessary, like I said before, after a pre-release the problem was fixed, so I'll just hang tight for another release to come along...

Cheers